The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
To read all comments associated with this story, please click here.
Member since:2005-07-06
Windows 7 doesn't support secure boot.
An accurate example would be a user who purchases a Windows 8 system from an OEM that does not include an option to disable secure boot. The user is unable to install any prior version of Windows (other than in a VM) since none support secure boot.
Member since:2005-07-12
Maybe Sony isn't the best example.
Also, Sony is the only major OEM I can think of that actually has a BTO option to have a vanilla Windows 7 installation, rather than Win7 + OEM crap, and at no extra charge.
Also, regarding the rootkits, their Sony Music group is separate from their VAIO group.
Member since:2006-09-16
Feel free to pick another example. I'll take your word that Sony's laptop group won't do this, but the parent corporation has demonstrated their willingness to harm Sony customers. All it would take is a new head for that division.
The point remains: Microsoft is leaving the door open for OEMs to handle secure booting in ways that could harm Windows users as well as Linux users. Some OEM will do so. It doesn't matter whether it's Sony or someone else. Microsoft isn't going to listen to Linux users. They might listen to Windows users. Help me convince Windows users that they should be concerned about the way this UEFI feature is implemented. By the way, it is a useful feature, but only if it's done right.
I'm tired of short-sighted people saying that they don't care about some issue because it doesn't affect them. Yes it does. Don't tell me that you don't care about Firefox because you use IE. The only reason IE exists is because Netscape existed. Once Netscape ceased to be a threat, IE stagnated. As soon as Firefox came about, IE resumed improving. You don't need to use something to benefit from its existence.
If the stupidity of OEMs allows Microsoft to gain an effective lock-in on some hardware, that hurts everyone. It hurts people who buy non-crippled hardware, because they have fewer choices. It hurts Windows users because it gives Microsoft one more reason to ignore Windows users; if your hardware only runs Windows, why should Microsoft listen to you? You're stuck running Windows no matter how they treat you.
Member since:2010-06-19
Member since:2011-01-28
Icaria,
"Unless the Win8 keys are compromised between the releases of Win8 and Win9, they would be the same keys."
Most likely the bios will trust one or more microsoft signing keys, and those keys will then be used to sign individual operating systems + updates. Therefor, a single MS key in the bios should work with all microsoft's current and future operating systems.
I am assuming microsoft will sign all it's current/future operating systems with all bios keys, which may not be the case. They could omit signatures in order to enforce planned obsolescence.
Member since:2005-07-06
Bingo. You're thinking along exactly the right lines. I'm not sure why you haven't been modded up.
It also gets around the uncomfortable virtualisation problem Microsoft doesn't like where you can run free virtualisation platforms and where people have been running versions of Windows long after they have ended support.
Edited 2011-09-27 00:16 UTC
"This is my NeXTstation Turbo Color booting the Mac System 7.1 Operating System using a hardware add-on called 'Daydream'. The Daydream has a Mac ROM and a few custom ICs in it and hooked up to the NeXTs DSP port. Turns your NeXT into a full fledged 68k powered Mac." So cool.
"The NetBSD Project is pleased to announce NetBSD 6.1, the first feature update of the NetBSD 6 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Please note that all fixes in the prior security/bugfix updates (NetBSD 6.0.1 and 6.0.2) are also in 6.1."
"At the end of a week in which Electronic Arts confirmed it wasn't developing a thing for the Wii U, one of the software engineers in EA Sports' Canada studio, in a series of since-deleted tweets, disparaged the console as 'crap' and suggested Nintendo should give up on hardware altogether. 'The Wii U is crap. Less powerful than an Xbox 360. Poor online/store. Weird tablet', tweeted Bob Summerwill, listed as a senior software engineer at EA Canada, in a reply to a tweet posting a link about EA's no-Wii U news. 'Nintendo are walking dead at this point'." The Wii U is turning into the 21st century's Virtual Boy.
"In NixOS, the entire operating system - the kernel, applications, system packages, configuration files, and so on - is built by the Nix package manager from a description in a purely functional build language. The fact that it's purely functional essentially means that building a new configuration cannot overwrite previous configurations. Most of the other features follow from this." Interesting approach. A Linux distribution, sure, but with some very refreshing ideas about system configuration.
Appfour added, among other features, C/C++ support to its new version of AIDE. From Android-IDE, "Now you can write parts of your app or your whole app in C/C++ on your device. AIDE supports the Standard Android NDK toolchain (GCC 4.6 + Bionic, STL, ...). No changes are necessary if you want to build an app developed on a PC with Eclipse. C/C++ development is fully integrated: Build errors appear in the error list and files can easily be navigated to with Go to file. The editor supports C/C++ syntax highlighting."
Ars nails it: "The answer is that Google did announce what amounts to a fairly substantial Android update yesterday. They simply did it without adding to the update fragmentation problems that continue to plague the platform. By focusing on these changes and not the apparently-waiting-in-the-wings update to the core software, Google is showing us one of the ways in which it's trying to fix the update problem."
"It is good for programmers to understand what goes on inside a processor. The CPU is at the heart of our career. What goes on inside the CPU? How long does it take for one instruction to run? What does it mean when a new CPU has a 12-stage pipeline, or 18-stage pipeline, or even a 'deep' 31-stage pipeline? Programs generally treat the CPU as a black box. Instructions go into the box in order, instructions come out of the box in order, and some processing magic happens inside. As a programmer, it is useful to learn what happens inside the box. This is especially true if you will be working on tasks like program optimization. If you don't know what is going on inside the CPU, how can you optimize for it? This article is about what goes on inside the x86 processor's deep pipeline."
"It was the only moment I heard regret slip into Otellini's voice during the several hours of conversations I had with him. 'The lesson I took away from that was, while we like to speak with data around here, so many times in my career I've ended up making decisions with my gut, and I should have followed my gut,' he said. 'My gut told me to say yes.'" The world would've been a much different place - Apple would have been less dependant on Samsung for its chips, which probably would've meant less money for Samsung to develop its Galaxy business.Glass is getting some love at Google I/O as well. New applications have been released - Facebook, Twitter, Evernote, Elle, Tumblr, and CNN. Perhaps more interesting: the newly announced Google Glass Developer Kit will allow offline applications and direct hardware access - great for hacking and expanding Glass' potential. This kit will really allow hackers to put Glass through its paces."But Beck and Merrill decided that simply banning toxic players wasn't an acceptable solution for their game. Riot Games began experimenting with more constructive modes of player management through a formal player behavior initiative that actually conducts controlled experiments on its player base to see what helps reduce bad behavior. The results of that initiative have been shared at a lecture at the Massachusetts Institute of Technology and on panels at the Penny Arcade Expo East and the Game Developers Conference." Absolutely fascinating stuff. I'm a League of Legends player, and to be honest, the community isn't nearly as bad as some make it out to be. I'm happy Riot games has the guts to employ science to address the issue.
Member since:
2006-09-16
Sure, OEM incompetence regarding secure booting will most often work to Microsoft's advantage, but not always. It is also possible that users may buy some future Sony laptop and later discover that Sony only included keys for Windows 7 and they can't upgrade to Windows 8. Take it one step further - the owner can only run the Sony restore image that came with the system, and can't even upgrade from Home to Ultimate.
Don't think that Sony would do something like that? We are, after all, talking about a company that intentionally silently installed rootkits on other people's computers worldwide. There are other companies capable of acting like that, and many more who could do it out of ignorance.
Linux users alone may not have enough influence to change this. We need to convince Windows users that they are at risk, too. And they are.